leweafan
commented
2 years ago As I know juniper junos filebeat module uses js script on host side to parse logs (/usr/share/filebeat/modules/juniper/...). Ingest pipeline only renaming fields.
Closed getkub closed 9 months ago
leweafan
commented
2 years ago As I know juniper junos filebeat module uses js script on host side to parse logs (/usr/share/filebeat/modules/juniper/...). Ingest pipeline only renaming fields.
getkub
commented
2 years ago As I know juniper junos filebeat module uses js script on host side to parse logs (/usr/share/filebeat/modules/juniper/...). Ingest pipeline only renaming fields. Thanks. Is it possible to move the logic from js script to pipeline, so raw data can be directly sent to ES. cheers
botelastic[bot]
commented
1 year ago Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!
Loading the ingest pipeline from: https://github.com/elastic/integrations/blob/main/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml
does not parse anything. The other modules like infoblox/fortinet/cisco etc are self contained and loading the ingest pipeline makes the fields perfect. But the juniper's one doesn't have grok/parsing logic in the ingest pipeline